[Zope-dev] skinscript and URL traversal question

Aaron Payne aaron@aaronpayne.com
Sun, 21 Jan 2001 11:42:38 -0500


Hi all,

A solution has been found.  woohoo.  A not found error was produced with 
direct URL traversal.

Steve Spicklemire sent this solution off list.

The process is split into two steps:

Do the query to 'load the object on traversal':
WITH QUERY searchBy_Name(name=self.id) COMPUTE name

Do the query to 'load the attributes needed for rendering a particular 
document':
WITH QUERY searchByNameCheck(self.id) COMPUTE 
username,coupon_text,categorylist,categoryheader,expirationdate,status,couponterms

During traversal AUTHENTICATED_USER is not yet defined, so it's no good trying
to get to it. However, once authentication has happened (after Zope has sorted
out what object you're after an imposed security on the object..) then it 
should
be OK. Since the Storage tab uses 'name' to load the object, we can't access
AUTHENTICATED_USER before loading 'name', but the other attributes are OK.

-Aaron